GDPR changes. Now you have to give specific consent for processing - see here.Now you must accept the agreement because without cookies then parts of the site just would not work.

Quote

Yes till I close it.

By that do you mean you clear cookies when you close your browser. If so then thats the reason why - the only way that the site can know if you will accept cookies is by setting another cookie to say you've accepted. When you clear cookies then I've no way of knowing that you've previously given cookie consent, so the message will re-appear. Same with login which also uses cookies.

Have you not noticed that within the past week just about every website now presents you with a cookie notification. I sure have. Every time I go to a new site up pops their cookie consent and/or privacy policy. I'm getting a bit bored of it now.. but that's legislation for you

I usually set persistent cookies in the main browser options.Then use an addon that wipes cookies after a while, and allows me to override it for certain domain such as kitz.co.uk. So in affect best of both worlds.

On Chrome its Vanilla cookie manager I use.

It is possible to remember user settings without local cookies, but its more complex and difficult for developers, hence cookies been more widely adopted.

I noticed yesterday when I closed my PC down as a storm was coming in, when I booted back up every site I'm normally logged in to had logged me out. It was very strange. Seems like it would be a big coincidence.

It is possible to remember user settings without local cookies, but its more complex and difficult for developers, hence cookies been more widely adopted.

It would be extremely difficult. I can't think how you could do this. IP addresses would be inefficient and you cant get MAC address using http requests.

Ignoring the fact that a webserver cannot get the MAC addresses without running some sort of app... and say you were to use the MAC address you would then need to set up a database which will be storing what would be classed under GDPR as personally identifying data. So you would then have to disclose this in your privacy policy.. and because it is classed as personal data you'd have to have a pop-up for that because they would have to give implicit consent. The legislation on personal data is more complex than cookie consent.

The only way I can think of immediately without devoting any time to it for a web server to remember a user without using cookies would be to hand out unique decorated urls which contain persistent per-user connection id information. Then each time a user follows a link then the server would be able to map the special url to a connection object internally and maintain a persistent conversation that way. It is a bit of a nightmare and means you can't have static pages, nor pages with quotable 'cool' sensible urls, which is dreadful. There is also a security hole in that a user could copy a url and give it to their friend thus giving the friend access to the first userís session all though this could be ameliorated with the use of ip address matching and possibly timeouts. IP address matching would fail in the presence of NAT though. It just gets worse and worse basically.

It would be extremely difficult. I can't think how you could do this. IP addresses would be inefficient and you cant get MAC address using http requests.

Ignoring the fact that a webserver cannot get the MAC addresses without running some sort of app... and say you were to use the MAC address you would then need to set up a database which will be storing what would be classed under GDPR as personally identifying data. So you would then have to disclose this in your privacy policy.. and because it is classed as personal data you'd have to have a pop-up for that because they would have to give implicit consent. The legislation on personal data is more complex than cookie consent.

Just fingerprint the connecting client, which now days is pretty easy to do. Another option would also to be just to tie to the end user account. Cookies is no doubt easier tho hence that been the popular choice.

Is fingerprinting not overkill for viewing http webpages? In fact I'm not even sure what GDPR would make of that, they are currently undecided about the use of IP addresses and web logs for stats such as webalizer If you used fingerprinting that would be seen as personally identifying data so you'd then have to do a pop-up to your privacy notice and keep track of that too and any keys.

Is fingerprinting not overkill for viewing http webpages? In fact I'm not even sure what GDPR would make of that, they are currently undecided about the use of IP addresses and web logs for stats such as webalizer If you used fingerprinting that would be seen as personally identifying data so you'd then have to do a pop-up to your privacy notice and keep track of that too and any keys.

Cookies are a lot more straight forward.

To be honest I wouldnt even consider it as GDPR now for sure makes it a hassle because you storing data, and although it can be considered anonymous data (if not tied to account) I am not sure of the legalities under the new legislation.

The pros of cookies are the end user has control if they stored, its simpler for the web admin, its simpler on the legal side of things.

The pros of server side session storage is the web admin doesnt need to worry if a cookie is been accepted or not in a browser, so the control of the storage moves from end user to the web admin.